David, thanks for this information. I think getting the right mix of group size/timeouts is dependent on the hardware and the OS configuration. Since this varies considerably, this is why we decided to expose these values in the config, so you can fine tune.
I have a really old box (AMD Athlon 1GHz, 512MB RAM), which runs one VM with a group size of 8. Then I have a E4500 with 2GB ram and was able to run a VM with a group size of ~50 comfortably...(but, I have to admit, this was one VM and I didnt watch CPU settings....let me run a bunch of VMs with this config and get back to you) As per the client-inactivity errors, could you observe what happens within the VM and let me know? It could be that your timeouts are too small.... I'll check into the amazon.co.uk and the play.co.uk site from this end and see what I can find out.... Thanks, David! Christian On Thu, Aug 28, 2008 at 10:31 AM, David Watson <[EMAIL PROTECTED]>wrote: > Christian, > > The default group_size in config.xml for 2.5 Beta1 is group_size="20" > (launching 20 IE windows per honeypot). > > Based on your experience so far, how realistic a setting is this? I ask > as when I run a single 256MB VM on a C2D E4500 it seems to struggle > (100% CPU on one core), and results are similar with two identical > running VMs. Do you have any expectations yet for RAM/CPU resources > required vs group_size setting? > > When attempting to crawl the list of the same 150 web sites every hour > for the past couple of days I seem to be getting a lot more > "error:CAPTURE_CLIENT_INACTIVITY-0" errors in 2.5 Beta1 (2620 so far > today, arriving in blocks of 20 at a time due to the default group_size > setting). Is suspect my honeypot VMs are not up to the task! ;-) > > Excluding these errors I also seem to be experiencing repeat failures on > a couple of sites quite regularly: > > grep -v error:CAPTURE_CLIENT_INACTIVITY-0 error.log > "28/08/2008 > 02:01:07.590","error:PROCESS_ERROR-0","-1441521598"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 02:01:07.652","error:VM_STALLED-0","-1476726199","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 03:01:09.986","error:PROCESS_ERROR-0","-206652670"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 04:01:11.174","error:PROCESS_ERROR-0","-657645593"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 05:01:11.429","error:PROCESS_ERROR-0","-741515324"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 05:01:11.564","error:VM_STALLED-0","737778889","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 06:01:11.792","error:PROCESS_ERROR-0","-1480545044"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 07:01:12.213","error:PROCESS_ERROR-0","-1317856978"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 07:01:12.282","error:VM_STALLED-0","394643684","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 08:01:12.512","error:PROCESS_ERROR-0","246929777","http://www.amazon.co.uk > ","iexplorebulk","20" > "28/08/2008 > 08:01:12.544","error:VM_STALLED-0","987479157","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 09:01:12.756","error:PROCESS_ERROR-0","-1148656228"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 10:01:13.69","error:PROCESS_ERROR-0","1712450388","http://www.amazon.co.uk > ","iexplorebulk","20" > "28/08/2008 > 10:01:13.101","error:VM_STALLED-0","1760899997","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 11:01:13.365","error:PROCESS_ERROR-0","-2146284298"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 12:01:13.850","error:PROCESS_ERROR-0","798835671","http://www.amazon.co.uk > ","iexplorebulk","20" > "28/08/2008 > 13:01:14.46","error:PROCESS_ERROR-0","-1459991662"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 13:01:14.138","error:VM_STALLED-0","-542297428","http://www.play.co.uk > ","iexplorebulk","20" > "28/08/2008 > 14:01:14.286","error:PROCESS_ERROR-0","1210634026"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 15:01:14.578","error:PROCESS_ERROR-0","-2132442494"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 16:01:14.884","error:PROCESS_ERROR-0","-789312679"," > http://www.amazon.co.uk","iexplorebulk","20"; > "28/08/2008 > 17:01:15.304","error:PROCESS_ERROR-0","914111900","http://www.amazon.co.uk > ","iexplorebulk","20" > "28/08/2008 > 18:01:15.510","error:PROCESS_ERROR-0","371153799","http://www.amazon.co.uk > ","iexplorebulk","20" > > Perhaps the same site is always reported as it is the first URL in the > list, rather than being a problem specific to that site. I'll keep > experimenting. > > Thanks, > > David > > -- > David Watson > UK Honeynet Project > www.ukhoneynet.org > [EMAIL PROTECTED] > _______________________________________________ > Capture-HPC mailing list > Capture-HPC@public.honeynet.org > https://public.honeynet.org/mailman/listinfo/capture-hpc > -- ---- Web: http://www.mcs.vuw.ac.nz/~cseifert PGP key http://www.mcs.vuw.ac.nz/~cseifert/pgpkey.txt Primary key fingerprint: E979 0D9A 9187 D821 F86F B712 C8DB 0583 B046 BAEF
_______________________________________________ Capture-HPC mailing list Capture-HPC@public.honeynet.org https://public.honeynet.org/mailman/listinfo/capture-hpc
